Collaboration diagram for ilWebAccessChecker:

Public Member Functions
	__construct ($path, ilWACCookieInterface $ilWACCookieInterface=null, ilWACHeaderInterface $ilWACHeaderInterface=null)
	ilWebAccessChecker constructor. More...

	check ()

	initILIAS ()

	isChecked ()

	setChecked ($checked)

	getPathObject ()

	setPathObject ($path_object)

	getDisposition ()

	setDisposition ($disposition)

	getOverrideMimetype ()

	setOverrideMimetype ($override_mimetype)

	isInitialized ()

	setInitialized ($initialized)

	isSendStatusCode ()

	setSendStatusCode ($send_status_code)

	isRevalidateFolderTokens ()

	setRevalidateFolderTokens ($revalidate_folder_tokens)

	getCookie ()

	setCookie ($cookie)

	getAppliedCheckingMethods ()

	setAppliedCheckingMethods ($applied_checking_methods)

	getHeader ()

	setHeader ($header)

Static Public Member Functions
static	isDEBUG ()

static	setDEBUG ($DEBUG)

static	isUseSeperateLogfile ()

static	setUseSeperateLogfile ($use_seperate_logfile)

Data Fields
const	DISPOSITION = 'disposition'

const	STATUS_CODE = 'status_code'

const	REVALIDATE = 'revalidate'

const	CM_FILE_TOKEN = 1

const	CM_FOLDER_TOKEN = 2

const	CM_CHECKINGINSTANCE = 3

const	CM_SECFOLDER = 4

Protected Member Functions
	sendHeader ($message)

	checkPublicSection ()

	checkUser ()

	addAppliedCheckingMethod ($method)

	isRequestNotFromLoginPage ()

Protected Attributes
	$path_object = null

	$checked = false

	$disposition = ilFileDelivery::DISP_INLINE

	$override_mimetype = ''

	$send_status_code = false

	$initialized = false

	$revalidate_folder_tokens = true

	$cookie = null

	$header = null

	$applied_checking_methods = array()

Static Protected Attributes
static	$DEBUG = false

static	$use_seperate_logfile = false

Detailed Description

Class ilWebAccessChecker.

Author: Fabian Schmid fs@st.nosp@m.uder.nosp@m.-raim.nosp@m.ann..nosp@m.ch

Version: 1.0.0

Definition at line 17 of file class.ilWebAccessChecker.php.

Constructor & Destructor Documentation

◆ __construct()

ilWebAccessChecker::__construct	(		$path,
		ilWACCookieInterface	$ilWACCookieInterface = `null`,
		ilWACHeaderInterface	$ilWACHeaderInterface = `null`
	)

ilWebAccessChecker constructor.

Parameters

	$path
\ilWACCookieInterface \| null	$ilWACCookieInterface

Definition at line 82 of file class.ilWebAccessChecker.php.

                                                                                                                                                 {
                $this->setPathObject(new ilWACPath($path));
                $this->setCookie($ilWACCookieInterface ? $ilWACCookieInterface : new ilWACCookie());
                $this->setHeader($ilWACHeaderInterface ? $ilWACHeaderInterface : new ilWACHeader());
        }

References $path, setCookie(), setHeader(), and setPathObject().

Here is the call graph for this function:

Member Function Documentation

◆ addAppliedCheckingMethod()

ilWebAccessChecker::addAppliedCheckingMethod ( $method )

protected

Parameters

int $method

Definition at line 416 of file class.ilWebAccessChecker.php.

                                                             {
                $this->applied_checking_methods[] = $method;
        }

Referenced by check().

Here is the caller graph for this function:

◆ check()

ilWebAccessChecker::check ( )

Returns: bool

Exceptions

ilWACException

Definition at line 93 of file class.ilWebAccessChecker.php.

                                {
                ilWACLog::getInstance()->write('Checking File: ' . $this->getPathObject()->getPathWithoutQuery());
                if (!$this->getPathObject()) {
                        throw new ilWACException(ilWACException::CODE_NO_PATH);
                }
 
                // Check if Path has been signed with a token
                $ilWACSignedPath = new ilWACSignedPath($this->getPathObject(), $this->cookie);
                if ($ilWACSignedPath->isSignedPath()) {
                        $this->addAppliedCheckingMethod(self::CM_FILE_TOKEN);
                        if ($ilWACSignedPath->isSignedPathValid()) {
                                $this->setChecked(true);
                                ilWACLog::getInstance()->write('checked using token');
                                $this->sendHeader('checked using token');
 
                                return true;
                        }
                }
 
                // Check if the whole secured folder has been signed
                if ($ilWACSignedPath->isFolderSigned()) {
                        $this->addAppliedCheckingMethod(self::CM_FOLDER_TOKEN);
                        if ($ilWACSignedPath->isFolderTokenValid()) {
                                if ($this->isRevalidateFolderTokens()) {
                                        $ilWACSignedPath->revalidatingFolderToken();
                                }
                                $this->setChecked(true);
                                ilWACLog::getInstance()->write('checked using secure folder');
                                $this->sendHeader('checked using secure folder');
 
                                return true;
                        }
                }
 
                // Fallback, have to initiate ILIAS
                $this->initILIAS();
 
                // Maybe the path has been registered, lets check
                $checkingInstance = ilWACSecurePath::getCheckingInstance($this->getPathObject());
                if ($checkingInstance instanceof ilWACCheckingClass) {
                        $this->addAppliedCheckingMethod(self::CM_CHECKINGINSTANCE);
                        ilWACLog::getInstance()->write('has checking instance: ' . get_class($checkingInstance));
                        $canBeDelivered = $checkingInstance->canBeDelivered($this->getPathObject());
                        if ($canBeDelivered) {
                                ilWACLog::getInstance()->write('checked using fallback');
                                $this->sendHeader('checked using fallback');
                                if ($ilWACSignedPath->isFolderSigned() && $this->isRevalidateFolderTokens()) {
                                        $ilWACSignedPath->revalidatingFolderToken();
                                }
 
                                $this->setChecked(true);
 
                                return true;
                        } else {
                                ilWACLog::getInstance()->write('checking-instance denied access');
                                $this->setChecked(true);
 
                                return false;
                        }
                }
 
                // none of the checking mechanisms could have been applied. no access
                $this->setChecked(true);
                ilWACLog::getInstance()->write('none of the checking mechanisms could have been applied. access depending on sec folder');
                if ($this->getPathObject()->isInSecFolder()) {
                        $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
                        ilWACLog::getInstance()->write('file is in sec-folder, no delivery');
 
                        return false;
                } else {
                        $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
                        ilWACLog::getInstance()->write('file is not in sec-folder, delivery');
 
                        return true;
                }
        }

References addAppliedCheckingMethod(), ilWACException\CODE_NO_PATH, ilWACLog\getInstance(), getPathObject(), initILIAS(), isRevalidateFolderTokens(), sendHeader(), and setChecked().

Referenced by ilWebAccessCheckerDelivery\handleRequest().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ checkPublicSection()

ilWebAccessChecker::checkPublicSection ( )

protected

Definition at line 211 of file class.ilWebAccessChecker.php.

                                                {
                global $DIC;
                $not_on_login_page = $this->isRequestNotFromLoginPage();
                $is_anonymous = ((int)$DIC->user()->getId() === (int)ANONYMOUS_USER_ID);
                $is_null_user = ($DIC->user()->getId() === 0);
                $pub_section_activated = (bool)$DIC['ilSetting']->get('pub_section');
                $isset = isset($DIC['ilSetting']);
                $instanceof = $DIC['ilSetting'] instanceof ilSetting;
                if (!$isset || !$instanceof || (!$pub_section_activated && ($is_anonymous || ($is_null_user && $not_on_login_page)))) {
                        throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
                }
        }

References $DIC, ilWACException\ACCESS_DENIED_NO_PUB, and isRequestNotFromLoginPage().

Referenced by initILIAS().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ checkUser()

ilWebAccessChecker::checkUser ( )

protected

Definition at line 225 of file class.ilWebAccessChecker.php.

                                       {
                global $DIC;
 
                $is_user = $DIC->user() instanceof ilObjUser;
                $user_id_is_zero = ((int)$DIC->user()->getId() === 0);
                $not_on_login_page = $this->isRequestNotFromLoginPage();
                if (!$is_user || ($user_id_is_zero && $not_on_login_page)) {
                        throw new ilWACException(ilWACException::ACCESS_DENIED_NO_LOGIN);
                }
        }

References $DIC, ilWACException\ACCESS_DENIED_NO_LOGIN, and isRequestNotFromLoginPage().

Referenced by initILIAS().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ getAppliedCheckingMethods()

ilWebAccessChecker::getAppliedCheckingMethods ( )

Returns: array

Definition at line 400 of file class.ilWebAccessChecker.php.

                                                    {
                return $this->applied_checking_methods;
        }

References $applied_checking_methods.

◆ getCookie()

ilWebAccessChecker::getCookie ( )

Returns: \ilWACCookieInterface

Definition at line 384 of file class.ilWebAccessChecker.php.

                                    {
                return $this->cookie;
        }

References $cookie.

◆ getDisposition()

ilWebAccessChecker::getDisposition ( )

Returns: string

Definition at line 272 of file class.ilWebAccessChecker.php.

                                         {
                return $this->disposition;
        }

References $disposition.

Referenced by ilWebAccessCheckerDelivery\deliver(), ilWebAccessCheckerDelivery\deliverDummyImage(), and ilWebAccessCheckerDelivery\deliverDummyVideo().

Here is the caller graph for this function:

◆ getHeader()

ilWebAccessChecker::getHeader ( )

Returns: \ilWACHeaderInterface

Definition at line 424 of file class.ilWebAccessChecker.php.

                                    {
                return $this->header;
        }

References $header.

Referenced by sendHeader().

Here is the caller graph for this function:

◆ getOverrideMimetype()

ilWebAccessChecker::getOverrideMimetype ( )

Returns: string

Definition at line 288 of file class.ilWebAccessChecker.php.

                                              {
                return $this->override_mimetype;
        }

References $override_mimetype.

◆ getPathObject()

ilWebAccessChecker::getPathObject ( )

Returns: ilWACPath

Definition at line 256 of file class.ilWebAccessChecker.php.

                                        {
                return $this->path_object;
        }

References $path_object.

Referenced by check(), ilWebAccessCheckerDelivery\deliver(), ilWebAccessCheckerDelivery\deliverDummyImage(), ilWebAccessCheckerDelivery\deliverDummyVideo(), ilWebAccessCheckerDelivery\handleAccessErrors(), and initILIAS().

Here is the caller graph for this function:

◆ initILIAS()

ilWebAccessChecker::initILIAS ( )

Returns: bool

Exceptions

ilWACException

Definition at line 183 of file class.ilWebAccessChecker.php.

                                    {
                if ($this->isInitialized()) {
                        return true;
                }
                $GLOBALS['COOKIE_PATH'] = '/';
                $this->cookie->set('ilClientId', $this->getPathObject()->getClient(), 0, '/');
                ilContext::init(ilContext::CONTEXT_WAC);
                try {
                        ilWACLog::getInstance()->write('init ILIAS');
                        ilInitialisation::initILIAS();
                        $this->checkUser();
                        $this->checkPublicSection();
                } catch (Exception $e) {
                        if ($e instanceof ilWACException
                            && $e->getCode() !== ilWACException::ACCESS_DENIED_NO_LOGIN) {
                                throw  $e;
                        }
                        if (($e instanceof Exception && $e->getMessage() == 'Authentication failed.')
                            || $e->getCode() === ilWACException::ACCESS_DENIED_NO_LOGIN) {
                                $this->initAnonymousSession();
                                $this->checkUser();
                                $this->checkPublicSection();
                        }
                }
                $this->setInitialized(true);
        }

References $GLOBALS, ilWACException\ACCESS_DENIED_NO_LOGIN, checkPublicSection(), checkUser(), ilContext\CONTEXT_WAC, ilWACLog\getInstance(), getPathObject(), ilContext\init(), ilInitialisation\initILIAS(), isInitialized(), and setInitialized().

Referenced by check(), and ilWebAccessCheckerDelivery\handleAccessErrors().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ isChecked()

ilWebAccessChecker::isChecked ( )

Returns: boolean

Definition at line 240 of file class.ilWebAccessChecker.php.

                                    {
                return $this->checked;
        }

References $checked.

Referenced by ilWebAccessCheckerDelivery\deliver(), and ilWebAccessCheckerDelivery\deny().

Here is the caller graph for this function:

◆ isDEBUG()

static ilWebAccessChecker::isDEBUG ( )

static

Returns: boolean

Definition at line 352 of file class.ilWebAccessChecker.php.

                                         {
                return self::$DEBUG;
        }

References $DEBUG.

Referenced by ilWACLog\getInstance(), ilWACToken\isDEBUG(), and ilWACTokenTest\testSomeBasics().

Here is the caller graph for this function:

◆ isInitialized()

ilWebAccessChecker::isInitialized ( )

Returns: boolean

Definition at line 304 of file class.ilWebAccessChecker.php.

                                        {
                return $this->initialized;
        }

References $initialized.

Referenced by initILIAS().

Here is the caller graph for this function:

◆ isRequestNotFromLoginPage()

ilWebAccessChecker::isRequestNotFromLoginPage ( )

protected

Returns: bool

Definition at line 459 of file class.ilWebAccessChecker.php.

                                                       {
                $referrer = !is_null($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
                $not_on_login_page = (strpos($referrer, 'login.php') === false
                                      && strpos($referrer, '&baseClass=ilStartUpGUI') === false);
 
                return $not_on_login_page;
        }

References $_SERVER.

Referenced by checkPublicSection(), and checkUser().

Here is the caller graph for this function:

◆ isRevalidateFolderTokens()

ilWebAccessChecker::isRevalidateFolderTokens ( )

Returns: boolean

Definition at line 336 of file class.ilWebAccessChecker.php.

                                                   {
                return $this->revalidate_folder_tokens;
        }

References $revalidate_folder_tokens.

Referenced by check().

Here is the caller graph for this function:

◆ isSendStatusCode()

ilWebAccessChecker::isSendStatusCode ( )

Returns: boolean

Definition at line 320 of file class.ilWebAccessChecker.php.

                                           {
                return $this->send_status_code;
        }

References $send_status_code.

Referenced by ilWebAccessCheckerDelivery\handleAccessErrors().

Here is the caller graph for this function:

◆ isUseSeperateLogfile()

static ilWebAccessChecker::isUseSeperateLogfile ( )

static

Returns: boolean

Definition at line 368 of file class.ilWebAccessChecker.php.

                                                      {
                return self::$use_seperate_logfile;
        }

References $use_seperate_logfile.

Referenced by ilWACLog\getInstance().

Here is the caller graph for this function:

◆ sendHeader()

ilWebAccessChecker::sendHeader ( $message )

protected

Parameters

$message

Definition at line 174 of file class.ilWebAccessChecker.php.

                                                {
                $this->getHeader()->sendHeader('X-ILIAS-WebAccessChecker: ' . $message);
        }

References getHeader().

Referenced by check().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ setAppliedCheckingMethods()

ilWebAccessChecker::setAppliedCheckingMethods ( $applied_checking_methods )

Parameters

array $applied_checking_methods

Definition at line 408 of file class.ilWebAccessChecker.php.

                                                                             {
                $this->applied_checking_methods = $applied_checking_methods;
        }

References $applied_checking_methods.

◆ setChecked()

ilWebAccessChecker::setChecked ( $checked )

Parameters

boolean $checked

Definition at line 248 of file class.ilWebAccessChecker.php.

                                             {
                $this->checked = $checked;
        }

References $checked.

Referenced by check().

Here is the caller graph for this function:

◆ setCookie()

ilWebAccessChecker::setCookie ( $cookie )

Parameters

\ilWACCookieInterface $cookie

Definition at line 392 of file class.ilWebAccessChecker.php.

                                           {
                $this->cookie = $cookie;
        }

References $cookie.

Referenced by __construct().

Here is the caller graph for this function:

◆ setDEBUG()

static ilWebAccessChecker::setDEBUG ( $DEBUG )

static

Parameters

boolean $DEBUG

Definition at line 360 of file class.ilWebAccessChecker.php.

                                                {
                self::$DEBUG = $DEBUG;
        }

References $DEBUG.

Referenced by ilWACTokenTest\testCookieGeneration(), ilWACCheckingInstanceTest\testNonCheckingInstanceNoSec(), and ilWACTokenTest\testTokenGeneration().

Here is the caller graph for this function:

◆ setDisposition()

ilWebAccessChecker::setDisposition ( $disposition )

Parameters

string $disposition

Definition at line 280 of file class.ilWebAccessChecker.php.

                                                     {
                $this->disposition = $disposition;
        }

References $disposition.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

Here is the caller graph for this function:

◆ setHeader()

ilWebAccessChecker::setHeader ( $header )

Parameters

\ilWACHeaderInterface $header

Definition at line 432 of file class.ilWebAccessChecker.php.

                                           {
                $this->header = $header;
        }

References $header.

Referenced by __construct().

Here is the caller graph for this function:

◆ setInitialized()

ilWebAccessChecker::setInitialized ( $initialized )

Parameters

boolean $initialized

Definition at line 312 of file class.ilWebAccessChecker.php.

                                                     {
                $this->initialized = $initialized;
        }

References $initialized.

Referenced by initILIAS().

Here is the caller graph for this function:

◆ setOverrideMimetype()

ilWebAccessChecker::setOverrideMimetype ( $override_mimetype )

Parameters

string $override_mimetype

Definition at line 296 of file class.ilWebAccessChecker.php.

                                                                {
                $this->override_mimetype = $override_mimetype;
        }

References $override_mimetype.

◆ setPathObject()

ilWebAccessChecker::setPathObject ( $path_object )

Parameters

ilWACPath $path_object

Definition at line 264 of file class.ilWebAccessChecker.php.

                                                    {
                $this->path_object = $path_object;
        }

References $path_object.

Referenced by __construct().

Here is the caller graph for this function:

◆ setRevalidateFolderTokens()

ilWebAccessChecker::setRevalidateFolderTokens ( $revalidate_folder_tokens )

Parameters

boolean $revalidate_folder_tokens

Definition at line 344 of file class.ilWebAccessChecker.php.

                                                                             {
                $this->revalidate_folder_tokens = $revalidate_folder_tokens;
        }

References $revalidate_folder_tokens.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

Here is the caller graph for this function:

◆ setSendStatusCode()

ilWebAccessChecker::setSendStatusCode ( $send_status_code )

Parameters

boolean $send_status_code

Definition at line 328 of file class.ilWebAccessChecker.php.

                                                             {
                $this->send_status_code = $send_status_code;
        }

References $send_status_code.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

Here is the caller graph for this function:

◆ setUseSeperateLogfile()

static ilWebAccessChecker::setUseSeperateLogfile ( $use_seperate_logfile )

static

Parameters

boolean $use_seperate_logfile

Definition at line 376 of file class.ilWebAccessChecker.php.

                                                                            {
                self::$use_seperate_logfile = $use_seperate_logfile;
        }

References $use_seperate_logfile.